Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Sep 2014 20:33:37 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: bash security update (CVE-2014-6271)

As many of you are aware, the initial bash security updates are not
final.  Please expect further updates soon.  There's a lengthy thread
discussing this on oss-security, and here's a summary:

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

There is not yet a consensus on how distros should address the issues,
beyond applying upstream's patches.

On Thu, Sep 25, 2014 at 12:24:17PM +0400, gremlin@...mlin.ru wrote:
> On 25-Sep-2014 06:07:46 +0400, Solar Designer wrote:
>  > Please note that Owl-current is undergoing some invasive updates
>  > now, so there are some inconsistencies between its source tree and
>  > the currently available binary packages (for some other packages,
>  > not for bash), most of which haven't been rebuilt yet. We'll take
>  > care of producing proper binary builds with all of these other
>  > updates shortly.
> 
> I'd suggest a quick workaround for possible binary incompatibilities:
> publish all .src.rpm files for each -current snapshot - as Owl has a
> complete build environment, urgent update of a single package could
> be as simple as `rpmbuild --rebuild ftp://.../package-1.2.3-1.src.rpm`

This might make sense once we've updated some key libraries in -current,
yet some people still want -current's security updates for older
versions of Owl (older than the currently supported -stable branch).
I'd expect many of such rebuild attempts to fail, though.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ